icontact

SUSPICIOUS. The core capability is coherent with an iContact integration, and the CLI comes from an official registry package associated with the same publisher ecosystem, so this is not strong evidence of malware. However, the skill routes authentication and all iContact operations through Membrane as an intermediary, requires trusting an external CLI/service with account access, uses an unpinned latest install, and contains a clear documentation mismatch. Overall this is a medium-risk third-party integration pattern rather than a benign direct API guide.